diff --git a/server/AyaNova/DataList/DataListFetcher.cs b/server/AyaNova/DataList/DataListFetcher.cs
index 25361b1e..807ad351 100644
--- a/server/AyaNova/DataList/DataListFetcher.cs
+++ b/server/AyaNova/DataList/DataListFetcher.cs
@@ -48,7 +48,7 @@ namespace AyaNova.DataList
 //Hard coded extra criteria from server end
 if (DataList is IAyaDataListViewServerCriteria)
 {
- var ServerCriteriaListView = JArray.Parse(((IAyaDataListViewServerCriteria)DataList).ListViewServerCriteria(userId));
+ var ServerCriteriaListView = JArray.Parse(((IAyaDataListViewServerCriteria)DataList).ListViewServerCriteria(await ct.User.AsNoTracking().FirstOrDefaultAsync(z => z.Id == userId), ct));
 foreach (JToken jt in ServerCriteriaListView)
 InternalListViewArray.Add(jt);
 }
@@ -267,7 +267,7 @@ namespace AyaNova.DataList
 //Hard coded extra criteria from server end
 if (DataList is IAyaDataListViewServerCriteria)
 {
- var ServerCriteriaListView = JArray.Parse(((IAyaDataListViewServerCriteria)DataList).ListViewServerCriteria(userId));
+ var ServerCriteriaListView = JArray.Parse(((IAyaDataListViewServerCriteria)DataList).ListViewServerCriteria(await ct.User.AsNoTracking().FirstOrDefaultAsync(z => z.Id == userId), ct));
 foreach (JToken jt in ServerCriteriaListView)
 ListViewArray.Add(jt);
 }
diff --git a/server/AyaNova/DataList/IAyaDataListExtraCriteria.cs b/server/AyaNova/DataList/IAyaDataListExtraCriteria.cs
index 9dff8d6a..420786ab 100644
--- a/server/AyaNova/DataList/IAyaDataListExtraCriteria.cs
+++ b/server/AyaNova/DataList/IAyaDataListExtraCriteria.cs
@@ -1,9 +1,9 @@
 namespace AyaNova.DataList
 {
 internal interface IAyaDataListViewServerCriteria
- {
+ {
 //Additional criteria for security or other reasons
 //hard coded into some lists (e.g. MemoDataList so users can't get other people's memos)
- string ListViewServerCriteria (long userId);
+ string ListViewServerCriteria(AyaNova.Models.User user, AyaNova.Models.AyContext ct);
 }
 }
\ No newline at end of file
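Review bot: In DataListFetcher.cs, both changed call sites (the hunks at -48 and -267) pass the result of `FirstOrDefaultAsync` straight into `ListViewServerCriteria`, so a `userId` with no matching row hands `null` to implementations that immediately read `user.Id` or `user.Roles` (MemoDataList, ReminderDataList and ReviewDataList in this commit). Because this criteria string is what restricts a list to the caller's own records, the lookup should fail closed with an explicit check rather than an incidental NullReferenceException: `var criteriaUser = await ct.User.AsNoTracking().FirstOrDefaultAsync(z => z.Id == userId);` followed by `if (criteriaUser == null) throw new System.UnauthorizedAccessException();`. The enclosing methods start and end outside both hunks, so whether `userId` is validated earlier cannot be seen from here.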
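Review bot: The comment above `ListViewServerCriteria` in IAyaDataListExtraCriteria.cs does not say what the method is allowed to return, yet the callers changed in this commit feed the result directly to `JArray.Parse` and ReviewDataList now returns `null`. I would extend the comment to something like `//Must return a JSON array string; return "[]" (never null) when no extra restriction applies to this user`, and state that `user` is expected to be non-null. The new `ct` parameter is not used by any of the three implementations changed here, so either note why it is part of the contract or leave it out until an implementation needs it.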
diff --git a/server/AyaNova/DataList/MemoDataList.cs b/server/AyaNova/DataList/MemoDataList.cs index 2be9e0f5..954ec73b 100644 --- a/server/AyaNova/DataList/MemoDataList.cs +++ b/server/AyaNova/DataList/MemoDataList.cs @@ -1,5 +1,6 @@ using System.Collections.Generic; using Newtonsoft.Json.Linq; +using AyaNova.Models; using AyaNova.Biz; namespace AyaNova.DataList { @@ -137,9 +138,9 @@ namespace AyaNova.DataList - string IAyaDataListViewServerCriteria.ListViewServerCriteria(long userId) + string IAyaDataListViewServerCriteria.ListViewServerCriteria(User user, AyaNova.Models.AyContext ct) { - return "[{\"fld\":\"metamemoto\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + userId.ToString() + "}]}}]"; + return "[{\"fld\":\"metamemoto\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + user.Id.ToString() + "}]}}]"; } }//eoc diff --git a/server/AyaNova/DataList/ReminderDataList.cs b/server/AyaNova/DataList/ReminderDataList.cs index 2fb3a90c..d1eb3c50 100644 --- a/server/AyaNova/DataList/ReminderDataList.cs +++ b/server/AyaNova/DataList/ReminderDataList.cs @@ -1,5 +1,6 @@ using System.Collections.Generic; using Newtonsoft.Json.Linq; +using AyaNova.Models; using AyaNova.Biz; namespace AyaNova.DataList { @@ -17,7 +18,7 @@ namespace AyaNova.DataList //######## DEFAULT VIEW WHEN NO VIEW CHOSEN ############ dynamic dlistView = new JArray(); - + dynamic cm = new JObject(); cm.fld = "ReminderName"; dlistView.Add(cm); @@ -113,9 +114,9 @@ namespace AyaNova.DataList } //Ensure only current user can fetch their reminders - string IAyaDataListViewServerCriteria.ListViewServerCriteria(long userId) + string IAyaDataListViewServerCriteria.ListViewServerCriteria(User user, AyContext ct) { - return "[{\"fld\":\"metareminderuser\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + userId.ToString() + "}]}}]"; + return "[{\"fld\":\"metareminderuser\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + user.Id.ToString() + "}]}}]"; } }//eoc 
diff --git a/server/AyaNova/DataList/ReviewDataList.cs b/server/AyaNova/DataList/ReviewDataList.cs
index b34ebc7d..83110470 100644
--- a/server/AyaNova/DataList/ReviewDataList.cs
+++ b/server/AyaNova/DataList/ReviewDataList.cs
@@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Newtonsoft.Json.Linq;
+using AyaNova.Models;
 using AyaNova.Biz;
 namespace AyaNova.DataList
 {
@@ -184,9 +185,18 @@ namespace AyaNova.DataList
- string IAyaDataListViewServerCriteria.ListViewServerCriteria(long userId)
+ string IAyaDataListViewServerCriteria.ListViewServerCriteria(User user, AyaNova.Models.AyContext ct)
 {
- return "[{\"fld\":\"metareviewuser\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + userId.ToString() + "}]}}]";
+ var CurrentUserRoles = user.Roles;
+ bool HasSupervisorRole =
+ CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
+ if (!HasSupervisorRole)
+ return "[{\"fld\":\"metareviewuser\",\"filter\":{\"items\":[{\"op\":\"=\",\"value\":" + user.Id.ToString() + "}]}}]";
+ return null;
 }
 }//eoc
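Review bot: The `return null;` path for supervisor roles in ReviewDataList.cs flows into `JArray.Parse(...)` at both DataListFetcher call sites changed in this commit, and `JArray.Parse` throws on a null string, so unless the fetcher is changed as well, users holding any of the five `*Full` roles would get an exception instead of the unfiltered list. Returning `return "[]";` keeps the result a parseable array and adds no filter items. Using null to mean "no restriction" also makes this access filter fail open if a later edit returns null by mistake. A short comment above `HasSupervisorRole` would help the next reader judge the authorization decision, for example `//Any of the *Full roles below may see every user's reviews; everyone else is limited to their own`.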